package interceptor;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

import java.util.Map;

public class PermitInterceptor extends MethodFilterInterceptor {
    @Override
    protected String doIntercept(ActionInvocation invocation) throws Exception {
        ActionContext context = invocation.getInvocationContext();
        String username = (String) context.getSession().get("username");
        Map request = (Map) context.get("request");
        if (username == null) {
            request.put("msg", "没有登录,请<a href='login.jsp'>登录</a>");
            return "error";
        } else {
            String method = invocation.getProxy().getMethod().toLowerCase();
            if (!"admin".equals(username) && (method.startsWith("add") || method.startsWith("del") || method.startsWith("update"))) {
                request.put("msg", "没有权限,<a href='javascript:history.go(-1)'>返回</a>");
                return "error";
            }
        }
        return invocation.invoke();
    }
}
